fix typo

[myplc.git] / plc.d / gpg

diff --git a/plc.d/gpg b/plc.d/gpg
index 60617e3..189e608 100755 (executable)
--- a/plc.d/gpg
+++ b/plc.d/gpg
@@ -22,6 +22,15 @@ case "$1" in
        # Make temporary GPG home directory
        homedir=$(mktemp -d /tmp/gpg.XXXXXX)
 
+       # in case a previous gpg invocation failed in some weird way
+       # and left behind a zero length gpg key (pub or priv).
+       if [ -f $PLC_ROOT_GPG_KEY_PUB -a ! -s $PLC_ROOT_GPG_KEY_PUB ] ; then
+           rm -f $PLC_ROOT_GPG_KEY_PUB 
+       fi
+       if [ -f $PLC_ROOT_GPG_KEY -a ! -s $PLC_ROOT_GPG_KEY ] ; then
+           rm -f $PLC_ROOT_GPG_KEY
+       fi
+
        if [ ! -f $PLC_ROOT_GPG_KEY_PUB -o ! -f $PLC_ROOT_GPG_KEY ] ; then
            # Generate new GPG keyring
            MESSAGE=$"Generating GPG keys"
@@ -33,7 +42,10 @@ case "$1" in
            # Temporarily replace /dev/random with /dev/urandom to
            # avoid running out of entropy.
            rm -f /dev/random
+           # 1 9 is /dev/urandom
            mknod /dev/random c 1 9
+           # sometimes mknod fails within an improperly setup vserver
+           check
            gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
                --gen-key <<EOF
 Key-Type: DSA
@@ -74,12 +86,25 @@ EOF
            )
            IFS=$OLDIFS
 
-           # Add a new UID if appropriate. GPG will detect and merge duplicates.
-           gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
-               --no-default-keyring \
-               --secret-keyring=$PLC_ROOT_GPG_KEY \
-               --keyring=$PLC_ROOT_GPG_KEY_PUB \
-               --command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
+
+           # Add a new UID if appropriate. GPG (v1) will detect and
+           # merge duplicates but this is considered as a bug in GPG2
+           # and we need to check for existence.
+            gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+                --list-keys \
+                --no-default-keyring \
+                --secret-keyring=/etc/planetlab/secring.gpg \
+                --keyring=/etc/planetlab/pubring.gpg \
+                | grep "$PLC_NAME Central" \
+                | grep "$PLC_MAIL_SUPPORT_ADDRESS" \
+                | grep "http://$PLC_WWW_HOST/"
+            
+            if [ $? -ne 0 ]; then
+               gpg --homedir=$homedir --no-permission-warning --batch --no-tty --yes \
+                   --no-default-keyring \
+                   --secret-keyring=$PLC_ROOT_GPG_KEY \
+                   --keyring=$PLC_ROOT_GPG_KEY_PUB \
+                   --command-fd 0 --status-fd 1 --edit-key $fingerprint <<EOF
 adduid
 $PLC_NAME Central
 $PLC_MAIL_SUPPORT_ADDRESS
@@ -87,6 +112,8 @@ http://$PLC_WWW_HOST/
 save
 EOF
            check
+            fi
+
        fi
 
        # Install the key in the RPM database
@@ -101,7 +128,12 @@ EOF
            rpm --allmatches -e gpg-pubkey
            check
        fi
-       rpm --import /etc/pki/rpm-gpg/*
+       # starting with rpm-4.6, this fails when run a second time
+       # it would be complex to do this properly based on the filename, 
+       # as /etc/pki/rpm-gpg/ typically has many symlinks to the same file
+       # see also http://fedoranews.org/tchung/gpg/
+       # so just ignore the result
+       rpm --import /etc/pki/rpm-gpg/* || :
        check
 
        # Make GPG key readable by apache so that the API can sign peer requests